
Side by Side Diff: net/third_party/nss/patches/paddingextension.patch

Issue 66553007: net: don't add padding extension for SSLv3. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 7 years, 1 month ago
OLDNEW
1 diff --git a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c 1 diff --git a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c
2 index 8b8b758..567d481 100644 2 index 8b8b758..25709b2 100644
3 --- a/nss/lib/ssl/ssl3con.c 3 --- a/nss/lib/ssl/ssl3con.c
4 +++ b/nss/lib/ssl/ssl3con.c 4 +++ b/nss/lib/ssl/ssl3con.c
5 @@ -4975,6 +4975,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) 5 @@ -4975,6 +4975,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
6 PRBool isTLS = PR_FALSE; 6 PRBool isTLS = PR_FALSE;
7 PRBool requestingResume = PR_FALSE; 7 PRBool requestingResume = PR_FALSE;
8 PRInt32 total_exten_len = 0; 8 PRInt32 total_exten_len = 0;
9 + unsigned paddingExtensionLen; 9 + unsigned paddingExtensionLen;
10 unsigned numCompressionMethods; 10 unsigned numCompressionMethods;
11 PRInt32 flags; 11 PRInt32 flags;
12 12
13 @@ -5241,6 +5242,20 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) 13 @@ -5241,6 +5242,22 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
14 length += 1 + ss->ssl3.hs.cookieLen; 14 length += 1 + ss->ssl3.hs.cookieLen;
15 } 15 }
16 16
17 + /* A padding extension may be included to ensure that the record containing 17 + /* A padding extension may be included to ensure that the record containing
18 + * the ClientHello doesn't have a length between 256 and 511 bytes 18 + * the ClientHello doesn't have a length between 256 and 511 bytes
19 + * (inclusive). Initial, ClientHello records with such lengths trigger bugs 19 + * (inclusive). Initial, ClientHello records with such lengths trigger bugs
20 + * in F5 devices. 20 + * in F5 devices.
21 + * 21 + *
22 + * This is not done for DTLS nor for renegotiation. */ 22 + * This is not done for DTLS nor for renegotiation. */
23 + if (!IS_DTLS(ss) && !ss->firstHsDone) { 23 + if (!IS_DTLS(ss) &&
24 + ss->version > SSL_LIBRARY_VERSION_3_0 &&
25 + !ss->firstHsDone) {
24 + paddingExtensionLen = ssl3_CalculatePaddingExtensionLength(length); 26 + paddingExtensionLen = ssl3_CalculatePaddingExtensionLength(length);
25 + total_exten_len += paddingExtensionLen; 27 + total_exten_len += paddingExtensionLen;
26 + length += paddingExtensionLen; 28 + length += paddingExtensionLen;
27 + } else { 29 + } else {
28 + paddingExtensionLen = 0; 30 + paddingExtensionLen = 0;
29 + } 31 + }
30 + 32 +
31 rv = ssl3_AppendHandshakeHeader(ss, client_hello, length); 33 rv = ssl3_AppendHandshakeHeader(ss, client_hello, length);
32 if (rv != SECSuccess) { 34 if (rv != SECSuccess) {
33 return rv; /* err set by ssl3_AppendHandshake* */ 35 return rv; /* err set by ssl3_AppendHandshake* */
34 @@ -5360,6 +5375,13 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) 36 @@ -5360,6 +5377,13 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
35 return SECFailure; 37 return SECFailure;
36 } 38 }
37 maxBytes -= extLen; 39 maxBytes -= extLen;
38 + 40 +
39 + extLen = ssl3_AppendPaddingExtension(ss, paddingExtensionLen, maxBytes); 41 + extLen = ssl3_AppendPaddingExtension(ss, paddingExtensionLen, maxBytes);
40 + if (extLen < 0) { 42 + if (extLen < 0) {
41 + return SECFailure; 43 + return SECFailure;
42 + } 44 + }
43 + maxBytes -= extLen; 45 + maxBytes -= extLen;
44 + 46 +
(...skipping 88 matching lines...) Expand 10 before | Expand all | Expand 10 after
133 ssl_next_proto_nego_xtn = 13172, 135 ssl_next_proto_nego_xtn = 13172,
134 ssl_channel_id_xtn = 30031, 136 ssl_channel_id_xtn = 30031,
135 + ssl_padding_xtn = 35655, 137 + ssl_padding_xtn = 35655,
136 ssl_renegotiation_info_xtn = 0xff01 /* experimental number */ 138 ssl_renegotiation_info_xtn = 0xff01 /* experimental number */
137 } SSLExtensionType; 139 } SSLExtensionType;
138 140
139 -#define SSL_MAX_EXTENSIONS 11 141 -#define SSL_MAX_EXTENSIONS 11
140 +#define SSL_MAX_EXTENSIONS 11 /* doesn't include ssl_padding_xtn. * / 142 +#define SSL_MAX_EXTENSIONS 11 /* doesn't include ssl_padding_xtn. * /
141 143
142 #endif /* __sslt_h_ */ 144 #endif /* __sslt_h_ */
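Review bot: The comment above the changed condition in ssl3_SendClientHello (new lines 17–22 of the patch) still ends with `This is not done for DTLS nor for renegotiation.`, but the new condition also skips padding when `ss->version` is not above `SSL_LIBRARY_VERSION_3_0`, so the comment no longer matches the code. I would change that last line to `* This is not done for DTLS, for SSL 3.0, nor for renegotiation. */` and add one sentence saying why SSL 3.0 is excluded. The reason is presumably that an SSL 3.0 ClientHello carries no extensions block, so adding `paddingExtensionLen` to `length` would make the handshake header announce bytes that are never written. Please confirm that against the extension-writing code, which lies outside the visible hunks, as does the rest of the function body. If the local `isTLS` declared at the top of the function is already assigned by this point (not visible here), testing it would keep this version check consistent with the rest of the function.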